The present invention relates to a programmable unit having an on-chip debug support (OCDS) module.
The programmable units under discussion are, for example, microprocessors, microcontrollers and the like. Widely differing embodiments of such units have been known for many years and require no more detailed explanation.
The on-chip debug support (OCDS) modules are now integrated in virtually all relatively modern programmable units. External debuggers can use such devices during xe2x80x9cnormalxe2x80x9d operation of the relevant programmable units to access and influence these units in many ways. At the moment, this is primarily used in such a way that the relevant programmable units are automatically stopped on reaching interrupt conditions which can be preset, and/or in such a way that deliberate read and/or write accesses are made to the internal and external registers, memories and/or other components of the relevant programmable units, and/or to the systems containing them.
The external debuggers are devices that have been known for a long time and in a wide range of embodiments for searching for software and/or hardware faults that are present in the relevant programmable units or in the systems that contain them.
The OCDS modules change the external debuggers (whose configuration is relatively simple) into very powerful tools, by which even programmable units which are highly complex and/or which operate very fast can be monitored and checked comprehensively and efficiently.
However, the OCDS modules also make it possible to access or to manipulate data or programs which need to be kept secret for security and/or competition reasons, by read and/or write accesses of the OCDS modules to internal and/or external registers, memories, or other components which can be addressed via the OCDS modules. Clearly, this is undesirable.
It is accordingly an object of the invention to provide a programmable unit which overcomes the above-mentioned disadvantages of the prior art devices of this general type, such that, while the performance of the OCDS module remains high, the risk of its misuse can be reduced to a minimum.
With the foregoing and other objects in view there is provided, in accordance with the invention, a system having a programmable unit and a device for accessing the programmable unit. The programmable unit contains an on-chip debug support (OCDS) module, registers addressable by the OCDS module, memories addressable by the OCDS module, other components addressable by the OCDS module, and an access authorization monitoring device connected to the OCDS module. The access authorization monitoring device ensures that read and write accesses demanded from the OCDS module to the registers, the memories and/or the other components which can be addressed through the OCDS module are carried out only if the device demanding relevant accesses has a verified authorization for this.
Accordingly, the invention provides that the programmable unit has an access authorization monitoring device which is used to ensure that read and write accesses demanded from the OCDS module to the internal and/or external registers, the memories and/or the other components which can be addressed via the OCDS module are carried out only if the device demanding the relevant accesses has verified its authorization to perform desired functions.
The decision as to whether the OCDS module carries out the (security-critical) read and write accesses demanded from it to the internal and/or external registers, the memories and/or the other components which can be addressed via the OCDS module is thus made dependent on the device requesting the accesses. The requested accesses are actually carried out only if the device can verify that it is authorized to request such accesses; in all other cases, such accesses are not carried out.
Since the details of the required authorization verification are known only to the manufacturer of the programmable unit or of the system which contains the programmable unit, this manufacturer can define whether and, if appropriate, by whom, the OCDS module can be used without restriction by signaling the details of the authorization verification. All other persons can use the OCDS module only to an extent that does not allow any accesses to security-relevant data or programs.
In this case, it is possible to allow a device which can use the OCDS module in an unrestricted manner (after authorization verification) to cause the programmable unit to be reset, after which, exceptionally,xe2x80x94without any limitation to the present access authorization to the OCDS modulexe2x80x94no renewed authorization verification is required by the relevant device. Then, despite the security mechanism installed in the programmable unit, the processes which take place after resetting the programmable unit can also be monitored from the start, without any restriction and without any gaps.
In accordance with an added feature of the invention, the process of carrying out the read and write accesses demanded from the OCDS module to the registers, the memories and/or the other components which can be addressed through the OCDS module is suppressed if and for as long as an inhibit signal is set and received by the access authorization monitoring device.
In accordance with an additional feature of the invention, the access authorization monitoring device has an input receiving the inhibit signal, and the inhibit signal is set automatically after a resetting of the programmable unit.
In accordance with another feature of the invention, the inhibit signal is reset by verification of an authorization to request the read and write accesses to the registers, the memories and/or the other components which can be addressed through the OCDS module.
In accordance with a further feature of the invention, the inhibit signal is, exceptionally, not set after the resetting of the programmable unit if a security-cancellation signal is set and received by the access authorization monitoring device.
In accordance with another added feature of the invention, the security-cancellation signal is not reset by the resetting of the programmable unit.
In accordance with another further feature of the invention, the security-cancellation signal can be set only if the programmable unit has connected to it the device which is authorized to request the read and write accesses to the registers, the memories and/or the other components which can be addressed through the OCDS module, and has verified the authorization.
In accordance with a concomitant feature of the invention, a verification of an authorization to request the read and write accesses to the registers, the memories and/or the other components which can be addressed through the OCDS module is produced by a transmission of at least one of predetermined data and a predetermined data string from the device requesting the authorization to the programmable unit.
Other features which are considered as characteristic for the invention are set forth in the appended claims.
Although the invention is illustrated and described herein as embodied in a programmable unit, it is nevertheless not intended to be limited to the details shown, since various modifications and structural changes may be made therein without departing from the spirit of the invention and within the scope and range of equivalents of the claims.